Originally published on Medium

We need to protect our privacy. But that alone won’t return sanity to our politics.

The 2016 presidential election was an explosive reinforcement of the dark potential of online influence. Cambridge Analytica, with its purloined Facebook data and skill at mythical self-promotion, has arisen as a perfect boogeyman for these gloomy times.

To be clear, the scandal exposed real privacy issues that need to be dealt with — urgently — but it shouldn’t distract the broader Democratic campaign community from the continuing need to uplevel its digital efforts. As a society, we need to reckon with the abuse of personal digital data and how to best stop it. Separately, campaigners should not take the scandal to mean that a strong digital effort requires shadowy tactics and data theft; instead, it needs a strong and effective use of existing tools and the serious devotion of time and money. Cambridge Analytica, which ultimately sold digital advertising in a shady way, is a distraction from this vital narrative.

Americans spend 5.6 hours/day online. IPG Mediabrands, a large media buying agency, expects global advertisers in 2018 to spend **$54 billion more **on digital ad channels than TV. However, Democratic campaigns still are spending **65 to 70 percent **of their budget on **direct mail and TV **and just **five to ten percent **on digital. This incredible mismatch is still pervasive in 2018 as I talk to campaigns up and down the ballot and all around the country. It took commercial advertisers a decade to catch up to where their customers actually spend their time; as the world gets faster paced and the political stakes grow, Democratic political advertisers do not have the luxury of waiting that long. The good news is, catching up is a mindset change, not a technology change, and a look at the details of Facebook’s ad targeting capabilities and the Cambridge Analytica scandal illustrates how.

The evolution of Facebook’s ad platform showcases how limited demographic data is for targeting

“Converting Facebook data into money is harder than it sounds, mostly because the vast bulk of your user data is worthless.” — Antonio Garcia Martinez, former Facebook Ads product manager

In 2012, Facebook had not yet figured out how to make serious money. Although Facebook knew who you were and what you had Liked, users just weren’t clicking on ads enough. With a looming IPO in May of that year, revenue was not where it needed to be.

That year, Facebook’s Ads team found their way to the solution — and as Garcia Martinez alludes to above, it was one that ignored the majority of the data you gave Facebook.

Custom Audiences, announced in September 2012, let advertisers find their valued customers online. Facebook would say “give me 1,000 of your best customers”; an advertiser would hand over the list; and Facebook would say, “we’ll find these people — trust us.” Advertisers, although they did not know precisely who saw what ad, saw fantastic results out of his process, and so kept supplying the lists and buying the ads.

The special sauce was simply making sure the ads went to the specific people the advertisers cared about. Facebook didn’t need to know who bought what product, clicked on what link, or whose photos you had just scrolled through; just that it was showing ads to the right people. In 2013, Facebook announced “lookalike audiences,” which allowed advertisers to find new customers who “looked like” their old ones through an opaque black box of user data and targeting algorithms. These new products worked. Paired with a fortuitous shift to mobile device usage, click-through rates increased, advertiser results increased, and Facebook’s revenue shot up.

Selling your data is against Facebook’s interests

While these features are often construed as “selling your data to advertisers,” if they really did, advertisers take those online identities and instantly go around Facebook, advertising to people wherever they could be found, and Facebook would lose billions of dollars of revenue.

The Custom Audience and lookalike black boxes that match offline personas to online identities became black gold, and Facebook protected them however they could. In 2014, Facebook nearly bankrupted two ad measurement companies, HasOffers (now known as TUNE) and Kontagent (now shuttered), for “holding onto user data too long.” In 2015, Facebook terminated the once officially sanctioned API that Cambridge Analytica exploited, but as we now know, only weakly enforced its closure.

Navigating the Gulf of Creepiness

There’s a longstanding gulf between the inherent creepiness of unknown companies knowing who your friends are and the real-life utility of that data.

Facebook users accept an implicit bargain: they will be shown targeted advertising in exchange for the free utility they find in the service. The social contract is finely drawn; when the data is possessed by another company, trust is violated. Although Facebook is catching all of the recent flak, companies do exist to explicitly sell your personal data. For instance, the Oracle Data Cloud Registry, formerly known as BlueKai, collects credit card receipts, income data, and store purchases to sell to marketers in search of people, say, ready for a new flavor of Doritos.

With politics, the social contract has always been different. The Obama 2008 operation was lauded for “microtargeting.” Can you imagine how creepy it would be if Doritos texted you, called you, and had staff come and knock on your door on account of what chips you had bought years prior? Although political campaigns operate under a different set of expectations, the Cambridge scandal reinforces the absolute need for those campaigns to be very conscious of preserving voter privacy.

Do Democrats need their own Cambridge Analytica?

Despite their self-promotional efforts, Cambridge Analytica did not elect Trump, and their efficacy as advertisers — even with the stolen data — seems limited. Ted Cruz, Cambridge’s marquee client, stopped using them after a 2016 primary in South Carolina, and while the Trump campaign spent almost $6 million with Cambridge, that was just 13% of what the Trump campaign spent directly on Facebook.

By 2016, Facebook’s in-house tools — custom audiences and lookalikes — were perfectly capable of putting persuasive ads in front of the right people. The Trump campaign outspent the Hillary campaign on Facebook, $44 million to $28 million, between June and November of 2016. Spend does not equal persuasion, but it’s an important data point.

Democrats do not need their own Cambridge Analytica. Instead, they need to radically increase investment in the basics of a digital presence, up and down the ballot. A typical Democratic campaign plans to spend between five and ten percent of their campaign budget on digital advertising, with TV and direct mail taking up the larger share. These guidelines are severely out of date; digital ad spending for campaigns should be 30 percent of a campaign’s overall budget.

Facebook, for its part, is adapting to the new environment, releasing new ad disclosure features and verifying true ownership of pages. Facing possible regulation like the Honest Ads Act, Facebook is proactively endorsing it, adopting its requirements ahead of schedule. At the same time, in the European Union, the new General Data Protection Regulation (GDPR) is enforcing the protection of personal data protection with new regulations and large fines. These new regulations and features will put the screws on online targeters, but not affect what Democrats need to do.

The net effect of these scandals will be some increased protection of your online identity — and that’s a great thing. Data holes will be plugged, Facebook will rightfully suffer in the public eye, and Cambridge Analytica will fade into the sunset. But do not confuse the defeat of the Cambridge boogeyman for a digital “job well done.” Being competitive online does not require data theft and shady targeting, but being serious and proactive about meeting voters where they are and spending serious time and money online.